PHP：openssl_private_decrypt()：key 参数不是有效的私钥

Question

我有这个代码来创建一个 RSA 4096 公钥和私钥来加密和解密一个字符串。

代码：

<?php
$config = array(
    "config" => "C:/xampp/php/extras/openssl/openssl.cnf",
    "private_key_bits" => 4096,
    "private_key_type" => OPENSSL_KEYTYPE_RSA
);

// Create the private and public key
$res = openssl_pkey_new($config);

// Extract the private key from $res to $privKey
openssl_pkey_export($res, $privKey);

// Extract the public key from $res to $pubKey
$pubKey = openssl_pkey_get_details($res);
$pubKey = $pubKey["key"];

$data = 'Hello, World!';

// Encrypt the data to $encrypted using the public key
openssl_public_encrypt($data, $encrypted, $pubKey);

echo $encrypted;

// Decrypt the data using the private key and store the results in $decrypted
openssl_private_decrypt($encrypted, $decrypted, $privKey);

echo $decrypted;
?>

它创建密钥，加密data字符串（ Hello, World! ）但是当尝试解密encrypted字符串时，会发生错误：

警告：openssl_private_decrypt(): key parameter is not a valid private key in C:\\xampp\\htdocs\\rsa\\index.php第26行

Answer 1

好的，这对我有用：

更改openssl_pkey_export($res, $privKey); 到openssl_pkey_export($res, $privKey, NULL, $config); .

Answer 2

您不需要像那样导出密钥私有，至少在您将其保存在安全的地方之前不需要：

$config = array(
    "private_key_bits" => 4096,
    "private_key_type" => OPENSSL_KEYTYPE_RSA
);

$pki     = openssl_pkey_new($config);
$public  = openssl_pkey_get_public(
    openssl_pkey_get_details($pki)['key']
); // why on earth did they implement it like this? so clunky.
$private = openssl_pkey_get_private($pki);

$data = 'Hello, World!';

openssl_public_encrypt($data, $encrypted, $public);
openssl_private_decrypt($encrypted, $decrypted, $private);

var_dump(
    bin2hex($encrypted),
    $decrypted
);